165 matches found
Wiz Code和Wiz (legacy) 安全漏洞
Wiz Code and Wiz legacy are both a Visual Studio Code extension from Wiz, Inc. A security vulnerability exists in Wiz Code versions 1.0.0 through 1.5.3 and Wiz legacy versions 0.13.0 through 0.17.8, which stems from vulnerability to local command injection attacks...
PT-2024-39454 · Microsoft +1 · Visual Studio Code +2
Name of the Vulnerable Software and Affected Versions: Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3 Wiz legacy Visual Studio Code extension versions 0.13.0 through 0.17.8 Description: The issue allows for local command injection when a user opens a maliciously crafted...
CLSA-2024-1727287647 emacs: Fix of CVE-2024-48337
CVE-2024-48337: fix etags local command injection vulnerability...
CVE-2024-3995
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-3995 Command Injection in Helix ALM
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins...
PT-2024-28752 · Perforce · Helix Alm
Name of the Vulnerable Software and Affected Versions: Helix ALM versions prior to 2024.2.0 Description: A local command injection issue was identified. The issue was reported by Bryan Riggins. Recommendations: For Helix ALM versions prior to 2024.2.0, update to version 2024.2.0 or later to resol...
Perforce Helix ALM Security Vulnerability
Perforce Helix ALM is an application lifecycle management software from Perforce. A security vulnerability exists in Perforce Helix ALM versions prior to 2024.2.0 that stems from the presence of local command injection...
CVE-2024-0325
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
Command injection
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-0325
CVE-2024-0325 concerns a local command injection in Helix Sync versions prior to 2024.1 . The available documents confirm the vulnerability and its local-execution nature but do not provide concrete details on affected versions beyond the 2024.1 cutoff, the exact vulnerable component, or root cau...
Helix Sync Command Injection Vulnerability
perforce Helix Sync is a simplification tool from perforce. A security vulnerability exists in Helix Sync versions prior to 2024.1 that stems from the presence of local command injection...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-2120)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 9 : emacs (RHSA-2023:2626)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2626 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp,...
emacs: local command injection in ruby-mode.el
A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection...
CVE-2023-2091
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjustcpufreqscalinggoverner. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been...
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...
CVE-2023-1277
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been...
CVE-2021-4326 Imperative Local Command Injection allows Activity Masking
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2022-48338
A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection...
CVE-2022-48338
CVE-2022-48338 affects GNU Emacs up to version 28.2, via ruby-mode.el’s function ruby-find-library-file . The vulnerability is a local command injection: the function is interactive and calls external command gem through shell-command-to-string without escaping feature-name parameters, enabling a...